lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 5 Oct 2021 10:48:15 -0400
From:   Alex Deucher <alexdeucher@...il.com>
To:     Paul Menzel <pmenzel@...gen.mpg.de>
Cc:     Tom Lendacky <thomas.lendacky@....com>,
        Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
        X86 ML <x86@...nel.org>,
        Dave Hansen <dave.hansen@...ux.intel.com>,
        Andy Lutomirski <luto@...nel.org>,
        Peter Zijlstra <peterz@...radead.org>,
        LKML <linux-kernel@...r.kernel.org>,
        amd-gfx list <amd-gfx@...ts.freedesktop.org>
Subject: Re: `AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT=y` causes AMDGPU to fail on
 Ryzen: amdgpu: SME is not compatible with RAVEN

On Tue, Oct 5, 2021 at 10:29 AM Paul Menzel <pmenzel@...gen.mpg.de> wrote:
>
> Dear Tom, dear Linux folks,
>
>
> Selecting the symbol `AMD_MEM_ENCRYPT` – as done in Debian 5.13.9-1~exp1
> [1] – also selects `AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT`, as it defaults
> to yes, causing boot failures on AMD Raven systems. On the MSI B350M
> MORTAR with AMD Ryzen 3 2200G, Linux logs and the AMDGPU graphics
> driver, despite being loaded, does not work, and the framebuffer driver
> is used instead.
>
>      [   19.679824] amdgpu 0000:26:00.0: amdgpu: SME is not compatible
> with RAVEN
>
> It even causes black screens on other systems as reported to the Debian
> bug tracking system *Black screen on AMD Ryzen based systems (AMDGPU
> related when AMD Secure Memory Encryption not disabled --
> mem_encrypt=off)* [2].

It's not incompatible per se, but SEM requires the IOMMU be enabled
because the C bit used for encryption is beyond the dma_mask of most
devices.  If the C bit is not set, the en/decryption for DMA doesn't
occur.  So you need IOMMU to be enabled in remapping mode to use SME
with most devices.  Raven has further requirements in that it requires
IOMMUv2 functionality to support some features which currently uses a
direct mapping in the IOMMU and hence the C bit is not properly
handled.

Alex

>
> Should the default be changed?
>
>
> Kind regards,
>
> Paul
>
>
> [1]:
> https://salsa.debian.org/kernel-team/linux/-/blob/master/debian/changelog#L1138
> [2]: https://bugs.debian.org/994453

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ